If you're holding any personal information then you should also consider the Data Protection Act. The act requires information moved outside the EU to be secure and, I think, also not accessible to anyone not subject to the act. I don't know if a US-based server is consistent with this; at the least, any transfer of personal information should be done over an HTTPS link.